I'm using Xitami 2.4d11 and encountert login problems like some other users around the forum. After entering my admin login and password I was sent to the login page agin (without a "wrong password" message of course). The cookie variables in setup_options.php where fine (untouched) and after checking my cookies I realized that no cookie was set at all.
After some hours of testing and stepping through the sourcecode I noticed that everytime a usercookie is set, it is deleted before (by setting an already expired time-to-live). I commented the deletion out (secure_bb_admin.php(103)) and everything worked fine.
I found out that deleting and setting the same cookie in two succesive calls of setcookie() isn't supported by (my?) xitami webserver.
To test that I wrote a sample script and ran it on xitami and apache:
// delete the cookie
// set the cookie
// set a test cookie so we're able to check if 'crunch' was set
// if page is reloaded print cookiedata
// 'test' was set so let's check if 'crunch' was set also
echo '<b>cookie was set</b>.</br>delete and (re)set in one step is supported';
echo "<b>cookie wasn't set</b>.</br>just overwrite the old one instead of calling <i>setcookie()</i> twice for the same cookie";
echo 'press <b>reload</b> in your browser to see if the cookie was set';
On my Xitami the 'crunch' cookie wasn't set whereas on apache it was.
I then commented deleteMyCookie() out in bb_cookie.php, bb_func_login.php and secure_bb_admin.php and everything works flawlessly.
My question is:
Why do you delete the cookie right before you set it again? Filling it with new data is also like deleting the old one. As I said I just commented deleteMyCookie() out when it was followed by setMyCookie(). If the content of the cookie is to be overwritten anyway then why delete it?
I don't think that the functionality of miniBB would be harmed if you call setMyCookie() without calling deleteMyCookie() right before.
Since that change the forum works totaly fine with Xitami.